CVE-2025-38308

MEDIUM

Linux Kernel 6.15-6.15.2 - Null Pointer Dereference in ASoC Intel AVS Hardware Initialization

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw Search result of avs_dai_find_path_template() shall be verified before being used. As 'template' is already known when avs_hw_constraints_init() is fired, drop the search entirely.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/ea218ae05e60616531fe652650b98dcd3c328279

Patch

https://git.kernel.org/stable/c/2f78724d4f0c665c83e202e3989d5333a2cb1036

Scores

CVSS v3 5.5

EPSS 0.0012

EPSS Percentile 2.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (9)

linux/Kernel 6.15.0 - 6.15.3linux

Linux/Linux < 6.15

Linux/Linux 6.15

Linux/Linux 6.15.3 - 6.15.*

Linux/Linux 6.16

Linux/Linux f2f847461fb7620e299be873cdd9437ddecd2266 - 2f78724d4f0c665c83e202e3989d5333a2cb1036

Linux/Linux f2f847461fb7620e299be873cdd9437ddecd2266 - ea218ae05e60616531fe652650b98dcd3c328279

linux/linux_kernel 6.15 (6 CPE variants)

linux/linux_kernel 6.15.1 - 6.15.3

Published Jul 10, 2025

Tracked Since Feb 18, 2026